Hi Dscho, On Fri, Mar 26, 2021 at 10:12:45PM +0000, Johannes Schindelin via GitGitGadget wrote: > From: Johannes Schindelin <johannes.schindelin@xxxxxx> > > In the same document, describe that Git does not have Long Term Support > (LTS) release trains, although security fixes are always applied to a > few of the most recent release trains. > > Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx> > --- > SECURITY.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 51 insertions(+) > create mode 100644 SECURITY.md > > diff --git a/SECURITY.md b/SECURITY.md > new file mode 100644 > index 000000000000..282790164e78 > --- /dev/null > +++ b/SECURITY.md > @@ -0,0 +1,51 @@ > +# Security Policy > + > +## Reporting a vulnerability > + > +Please send a detailed mail to git-security@xxxxxxxxxxxxxxxx to > +report vulnerabilities in Git. > + > +Even when unsure whether the bug in question is an exploitable > +vulnerability, it is recommended to send the report to > +git-security@xxxxxxxxxxxxxxxx (and obviously not to discuss the > +issue anywhere else). > + > +Vulnerabilities are expected to be discussed _only_ on that > +list, and not in public, until the official announcement on the > +Git mailing list on the release date. > + > +Examples for details to include: > + > +- Ideally a short description (or a script) to demonstrate an > + exploit. > +- The affected platforms and scenarios (the vulnerability might > + only affect setups with case-sensitiv file systems, for Small typo: s/sensitiv/&e/
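Review bot: In the "Reporting a vulnerability" section, the parenthetical "(and obviously not to discuss the issue anywhere else)" in the second paragraph repeats the rule the third paragraph states explicitly ("discussed _only_ on that list, and not in public"). Consider dropping the parenthetical so the confidentiality requirement appears once, in its own paragraph. In the same section, "Examples for details to include:" would read better as "Examples of details to include:". The commit message opens with "In the same document", but this commit creates SECURITY.md (new file mode 100644), so that phrase has no referent here, and the message does not mention the reporting instructions that the visible part of the hunk adds. Suggest rewording it to cover both the reporting process and the release-train statement.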